Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update safety requirements of Vec::from_raw_parts? #94950

Open
EFanZh opened this issue Mar 15, 2022 · 2 comments
Open

Update safety requirements of Vec::from_raw_parts? #94950

EFanZh opened this issue Mar 15, 2022 · 2 comments
Labels
A-allocators Area: Custom and system allocators A-docs Area: documentation for any part of the project, including the compiler, standard library, and tools C-bug Category: This is a bug. C-discussion Category: Discussion or questions that doesn't represent real issues. T-libs-api Relevant to the library API team, which will review and decide on the PR/issue. T-opsem Relevant to the opsem team

Comments

@EFanZh
Copy link
Contributor

EFanZh commented Mar 15, 2022

The “Safety” section of the document of Vec::from_raw_parts says:

  • length needs to be less than or equal to capacity.
  • capacity needs to be the capacity that the pointer was allocated with.

I think the first requirement should also add “The first length elements starting from ptr are initialized”. And the second requirement could be relaxed into “capacity needs to be less than or equal to the capacity that the pointer was allocated with”, this is because Allocator::deallocate does not require specifying exact size that the pointer was allocated with.

@EFanZh EFanZh added the C-bug Category: This is a bug. label Mar 15, 2022
@CryZe
Copy link
Contributor

CryZe commented Mar 15, 2022

Two opinions:

  1. The Allocator API is unstable, I don't think it would make sense to adjust documentation to guarantee unstable behavior.
  2. It's actually even more tricky than your wording, because it also needs to be at least the size of the Layout that was used when allocating the memory block, which you may or may not even know about depending on whether the Vec itself was using the Allocator or you yourself are constructing a Vec from a memory block you manually allocated. So given that Vec probably doesn't want to guarantee any growing behavior, you can't know the Layout that the Vec used, and thus it wouldn't be safe (in general) to use any capacity that is less than what you got from the Vec.

@TheDestroyer19
Copy link

I just noticed that from_raw_parts and from_raw_parts_in doesn't list a requirement for the first length elements of ptrmust be initialized. A possible wording would be

  • The first length must be initialized.

@fmease fmease added A-allocators Area: Custom and system allocators A-docs Area: documentation for any part of the project, including the compiler, standard library, and tools C-discussion Category: Discussion or questions that doesn't represent real issues. T-opsem Relevant to the opsem team T-libs-api Relevant to the library API team, which will review and decide on the PR/issue. and removed needs-triage-legacy labels Jan 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-allocators Area: Custom and system allocators A-docs Area: documentation for any part of the project, including the compiler, standard library, and tools C-bug Category: This is a bug. C-discussion Category: Discussion or questions that doesn't represent real issues. T-libs-api Relevant to the library API team, which will review and decide on the PR/issue. T-opsem Relevant to the opsem team
Projects
None yet
Development

No branches or pull requests

5 participants